(Sorry for repost. Chris kindly informed me that my messages are empty. I think it could be because GPG sig. Another attempt without it)
Hi all,
I am new to 44net and I haven't found much about DNS. I have the following questions:
1. In order to get traffic routed through the 44 gateway, does a forward or reverse DNS entry need to exist? Does it need to satisfy certain format/conditions? (from a technical standpoint, existence of reverse would make sense as it's done in SMTP servers, but I don't know how this information is queried by the gateway).
2. I run my own bind (also accessible over 44net). I'd love to handle my DNS entries on my own (not least because every request on the portal can take well over a year to be answered, at least for me). Is it possible to request classless in-addr.arpa delegation (RFC2317) for my subnet?
3. If the ampr.org domain is used, are there any requirements on the format/hierarchy? Can it be a subdomain <myname>.ampr.org? Or does it need to be <callsign>.ampr.org? Can all entries and hierarchy under this subdomain be freely chosen?
4. Is there any way in the portal to keep track of DNS related requests/messages as it is for subnets? I am not sure any more if, when, what and who I have asked about DNS and I want to avoid sending the request again if it's still "pending".
Thanks, Nick
Hi Nick,
On 26 Aug 2021, at 08:01, Nick Hammler via 44Net 44net@mailman.ampr.org wrote:
> (Sorry for repost. Chris kindly informed me that my messages are empty. I think it could be because GPG sig. Another attempt without it)
> Hi all,
> I am new to 44net and I haven't found much about DNS. I have the following questions:
> - In order to get traffic routed through the 44 gateway, does a forward or reverse DNS entry need to exist?
You need a forward A record and reverse entry in ampr.org
> Does it need to satisfy certain format/conditions? (from a technical standpoint, existence of reverse would make sense as it's done in SMTP servers, but I don't know how this information is queried by the gateway).
You just need to contact your coordinator and ask them to enter an A record for each host you want to use on the IPIP mesh. Or feel free to contact me if you prefer.
> - I run my own bind (also accessible over 44net). I'd love to handle my DNS entries on my own (not least because every request on the portal can take well over a year to be answered, at least for me). Is it possible to request classless in-addr.arpa delegation (RFC2317) for my subnet?
I know sometimes responses from coordinators can be variable, but over a year? Bear in mind everyone is a volunteer and responding to AMPRNet queries may not be top of the list, but if you are having problems getting a response then drop me an email.
To answer your question: no, we don’t delegate DNS for IPIP mesh users, it is all handled centrally.
> - If the ampr.org domain is used, are there any requirements on the format/hierarchy? Can it be a subdomain <myname>.ampr.org? Or does it need to be <callsign>.ampr.org? Can all entries and hierarchy under this subdomain be freely chosen?
If you are using the IPIP mesh then you do need an A record in ampr.org for each host. The preferred method is to use your callsign as a subdomain, then add one or more A records, e.g. for me it might look like:
gw.g1fef.ampr.org
www.g1fef.ampr.org
etc.
Entries under your callsign subdomain can be chosen (mostly) freely, we may object to some words, e.g. offensive words.
> - Is there any way in the portal to keep track of DNS related requests/messages as it is for subnets? I am not sure any more if, when, what and who I have asked about DNS and I want to avoid sending the request again if it's still "pending".
Just contact me and I will handle your requests. If you are sending more than one or two, please send them in the following format:
hostname (without ampr.org) ADD A <IP Address>
for example:
gw.g1fef ADD A 44.1.2.3
You can also request other RR types, e.g. MX records:
mail.g1fef ADD MX 10 mail.g1fef.ampr.org.
smtp.g1fef ADD CNAME mail.g1fef.ampr.org.
73, Chris - G1FEF
> Thanks, Nick
> 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
On 26 Aug 2021, at 08:34, Rob PE1CHL via 44Net 44net@mailman.ampr.org wrote:
> On 8/26/21 9:20 AM, Chris Smith via 44Net wrote:
>> To answer your question: no, we don’t delegate DNS for IPIP mesh users, it is all handled centrally.
> Is that a new policy? I think in the past there was no relation between DNS delegation and the connection method?
That has always been the case, as was handed down to me by Brian. In any case, we have never used RFC2317 delegation as Nick asked about, not for any connection method, we’ve only ever delegated /24 (or larger) prefixes for BGP announced subnets.
Chris
> Rob
On 8/26/21 9:41 AM, Chris Smith via 44Net wrote:
> On 26 Aug 2021, at 08:34, Rob PE1CHL via 44Net 44net@mailman.ampr.org wrote:
>> On 8/26/21 9:20 AM, Chris Smith via 44Net wrote:
>>> To answer your question: no, we don’t delegate DNS for IPIP mesh users, it is all handled centrally.
>> Is that a new policy? I think in the past there was no relation between DNS delegation and the connection method?
> That has always been the case, as was handed down to me by Brian. In any case, we have never used RFC2317 delegation as Nick asked about, not for any connection method, we’ve only ever delegated /24 (or larger) prefixes for BGP announced subnets.
> Chris
Ok but there are several delegations for IPIP-only connected subnets in the current hosts file... That is why I wondered if it was a new policy.
Rob
On 26 Aug 2021, at 08:58, Rob PE1CHL via 44Net 44net@mailman.ampr.org wrote:
> On 8/26/21 9:41 AM, Chris Smith via 44Net wrote:
>> On 26 Aug 2021, at 08:34, Rob PE1CHL via 44Net 44net@mailman.ampr.org wrote:
>>> On 8/26/21 9:20 AM, Chris Smith via 44Net wrote:
>>>> To answer your question: no, we don’t delegate DNS for IPIP mesh users, it is all handled centrally.
>>> Is that a new policy? I think in the past there was no relation between DNS delegation and the connection method?
>> That has always been the case, as was handed down to me by Brian. In any case, we have never used RFC2317 delegation as Nick asked about, not for any connection method, we’ve only ever delegated /24 (or larger) prefixes for BGP announced subnets.
>> Chris
> Ok but there are several delegations for IPIP-only connected subnets in the current hosts file... That is why I wondered if it was a new policy.
Historically I believe there were a small number for some of the larger subnets to coordinators, but not to “end users”. The whole point of the current system is to protect the IPIP mesh, the gateway only passes traffic that has an A record in the ampr.org domain and matching reverse entry. Delegating reverse to everyone would break this.
Chris
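The rule described in the message above (an A record in ampr.org plus a matching reverse entry), together with the `hostname ADD A <IP>` request format from the earlier reply, sketched as an added example; this is not the AMPRNet gateway's or portal's code. The function names, the in-memory record maps, the `www.g1fef` sample line and the `ghost.g1fef` name are assumptions, and only `ADD A` requests are handled.

```python
import ipaddress

ZONE = "ampr.org"  # zone named in the thread

# Constructed sample requests in the "hostname ADD A <IP>" format.
REQUESTS = ["gw.g1fef ADD A 44.1.2.3", "www.g1fef ADD A 44.1.2.4"]

def parse_requests(lines):
    """Turn 'hostname ADD A <IP>' lines into {fqdn: {IPv4Address, ...}}."""
    forward = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[1:3] != ["ADD", "A"]:
            raise ValueError(f"unsupported request line: {line!r}")
        ip = ipaddress.IPv4Address(parts[3])  # rejects malformed addresses
        forward.setdefault(f"{parts[0].lower()}.{ZONE}.", set()).add(ip)
    return forward

def build_reverse(forward):
    """Derive one PTR per address from the forward map (centrally managed)."""
    return {ip.reverse_pointer + ".": fqdn
            for fqdn, ips in sorted(forward.items()) for ip in ips}

def forward_confirmed(ip, forward, reverse):
    """True only if PTR(ip) names a ZONE host whose A records include ip."""
    addr = ipaddress.IPv4Address(ip)
    name = reverse.get(addr.reverse_pointer + ".")
    if name is None or not name.endswith(f".{ZONE}."):
        return False
    return addr in forward.get(name, set())

FORWARD = parse_requests(REQUESTS)
REVERSE = build_reverse(FORWARD)

if __name__ == "__main__":
    # A PTR with no matching A record (hypothetical name) must not pass.
    ptr_only = dict(REVERSE, **{"9.2.1.44.in-addr.arpa.": "ghost.g1fef.ampr.org."})
    for ip in ("44.1.2.3", "44.1.2.4", "44.1.2.5", "44.1.2.9"):
        print(ip, forward_confirmed(ip, FORWARD, ptr_only))
```

A reverse entry on its own, or one pointing outside ampr.org, fails the check because the forward and reverse data must agree.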
On Thu, 26 Aug 2021, Nick Hammler via 44Net wrote:
> - In order to get traffic routed through the 44 gateway, does a forward
> or reverse DNS entry need to exist?
Yes, hosts must have DNS entries *and* be pingable; only when those two conditions are met is tunneling performed---otherwise traffic continues onwards into the Network Telescopic dataset only.
> - Is there any way in the portal to keep track of DNS related
> requests/messages as it is for subnets?
Theoretically, yes. But, like many other people, you've discovered that emailing the 44net list generates rapid responses!
-Paul